Digital Rights Management (DRM) is a set of technologies that provide the means to control the distribution and consumption of content (sometimes also termed media, content object, content/media items, content/media objects, content/media elements, and the like). Under the DRM framework, content is securely distributed and consumed by authorized recipients, e.g. authenticated user devices, per the usage rights expressed by the content issuer (other names for content issuer include content provider, content owner, content distributor, and the like). The DRM framework is independent of content formats, operating systems, communication channels, and runtime environments. Content protected by the DRM can be of a wide variety: documents, images, ring tones, music clips, video clips, streaming media, games, and so on.
A known DRM system is standardized in the Open Mobile Alliance (OMA) technical specification “DRM Version 2.0”. The OMA DRM system enables content issuers (CI) to distribute protected content and rights issuers (RI) to assign rights associated with the protected content. Rights are also known as usage rights, (usage) permissions, (usage) rules, (usage) constraints, and so forth. They govern the manner in which the protected content is consumed by particular content recipients. For user consumption of the content, the content recipient acquires the respective rights from the RI. The content is cryptographically protected when distributed; thus the protected content can only be used with the associated rights issued for the specific content recipient and appropriate decryption key(s).
According to OMA DRM Version 2.0, the protected content and the associated rights may be delivered to the content recipient separately. Public key infrastructure (PKI) concepts may also be applied, at least to a certain degree, for improved security. The basic idea of OMA DRM Separate Delivery is illustrated in FIG. 1A.
As shown in FIG. 1A, a content item 1 as provided by CI 2 is encrypted (as figuratively shown by the lock 4). The encryption is performed with a Content Encryption Key (CEK) (not shown). The encrypted content item 1 is embedded into a so-called “content file” 3 to be distributed to a content recipient 5. At the same time, an RI 6 issues certain rights 7 for the content recipient 5. The rights 7 may be encoded into a data structure called Rights Object (RO) 8. The RO 8 also comprises a cryptographic key 9 which corresponds to the CEK with which the content item 1 has been encrypted. Moreover, the entire RO 8 may be protected (as figuratively shown by the lock 10) by encryption with another key (not shown), e.g., a public key of the content recipient 5.
The content file 3 and the (encrypted) RO 8 are delivered to the content recipient 5 separately, e.g. via separate channels or routes 11 and 12. Using a private key 13, the content recipient 5 decrypts the RO 8 so that it can retrieve the CEK 9 and the granted rights 7 embedded in the RO 8. With knowledge of the CEK 9 and the rights 7, the content recipient 5 is then able to decrypt the protected content item 1 received via the content file 3 and consequently, the content item 1 can be consumed according to the rights 7.
Group Rights Objects (GROs) have been introduced in the OMA DRM system in order to govern the consumption of multiple content items by a single rights object. Under a GRO, several content files can be grouped together, which has the effect that the content items comprised therein form a group. Once the rights granted in a GRO expire, a new GRO may be issued by an RI. The rights granted in this new GRO are valid for all the content items in the group. The basic structure of a GRO and its association with a group of content items is depicted in FIG. 2.
As shown in FIG. 2, a GRO is identified by a group identifier, or GID. Each content file belonging to the GRO is marked with the same GID. Thus, through the common GID the group of content files is associated with the GRO. The GRO is a single rights object issued (by an RI) for all the content items in the respective group. Hence, the consumption of all these content items can be governed by the same rights. The GRO also comprises a Group Key, or Group Encryption Key (GEK), that is used to encrypt the CEKs of all the content files. This will become more apparent below.
With DRM, an encrypted content item may be packaged into a content file of a specific format, the DRM Content Format. In the present context, such a content file is referred to as a DCF file. The DCF file may be object-structured. An example of the DCF file format is specified in OMA's “DRM Content Format Version 2.0”. This format is based on ISO Base Media File Format specification ISO14496-12 and hence is constructed around an object-oriented design of “boxes”. Section 6.3 of OMA DRM DCF Version 2.0 presents an overall structure of this particular format, and the relevant components thereof are now explained with reference to FIG. 3.
As shown in FIG. 3, a DCF file 30 includes one or more “DRM Container” boxes 31 and 32. Each DRM Container box 31 has a content item 33 and its associated headers, which are comprised in the “DRM Content” box 34 and the “DCF Headers” box 35, respectively. One of the headers in the DCF Headers box 35 is “Content ID” 36, which uniquely identifies the content item 33. There may be other headers within the DCF Headers box 35. One or more of these other headers may include zero or more nested boxes that add functionalities to the DCF headers.
Corresponding to the GRO concept, the DCF file may include a DRM GroupID box 37 in the DCF Headers box 35. The DRM GroupID box 37 may further include a GroupID field 38 for identifying the DCF file 30 in question as part of a group of DCF files whose rights are defined in a common GRO instead of (or in addition to) in separate content-specific ROs. This GroupID field 38 includes the above-mentioned GID of the group of content files, which corresponds to the GID of the GRO. Hence, the GID in the GroupID field 38 in the DCF file 30 may serve as a reference to the associated GRO.
The DCF Headers box 35 may also include a “GroupKey” box 39 that holds an encrypted key. Generally, each content item of a group of content files will be encrypted with a different CEK (CEK1, CEK2, and so on) as shown in FIG. 2. To further protect these CEKs, an additional key (used for the whole group) may be employed; this is the function of the Group Encryption Key, or GEK, comprised in the GRO. The GEK is used to encrypt all the CEKs used for protecting the respective content items in the DCF file group (see FIG. 2). The encrypted CEKs are stored in the GroupKey boxes 39 of the respective DCF files.
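The key hierarchy described above (a GID linking DCF files to a GRO, a different CEK per content item, and a GEK encrypting the CEKs), as an added Python example that is not part of the original text or of the OMA specifications. The seal/unseal construction is a stand-in built from HMAC-SHA256, not the algorithms OMA DRM specifies; the class names, the rights encoding and the sample identifiers are hypothetical, and the GRO is assumed to have already been decrypted by the recipient.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in keystream (HMAC-SHA256 in counter mode), not the cipher OMA DRM specifies.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt and authenticate data under key (toy construction for the example)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

@dataclass
class DcfFile:              # only the fields named in the text
    content_id: str         # Content ID header
    group_id: str           # GroupID field: the GID shared with the GRO
    group_key: bytes        # GroupKey box: this file's CEK, encrypted under the GEK
    content: bytes          # DRM Content box: the item, encrypted under the CEK

@dataclass
class GroupRO:              # GRO as the recipient holds it after decrypting it
    gid: str
    gek: bytes
    rights: dict            # hypothetical encoding, e.g. {"play": True}

def package(content_id: str, item: bytes, gid: str, gek: bytes) -> DcfFile:
    cek = secrets.token_bytes(16)           # a different CEK for every content item
    return DcfFile(content_id, gid, seal(gek, cek), seal(cek, item))

def consume(dcf: DcfFile, gro: GroupRO, action: str) -> bytes:
    if dcf.group_id != gro.gid:
        raise PermissionError("GRO does not cover this file's group")
    if not gro.rights.get(action):
        raise PermissionError("action not granted by the GRO")
    cek = unseal(gro.gek, dcf.group_key)    # GEK -> CEK
    return unseal(cek, dcf.content)         # CEK -> content item
```

Because the CEK never leaves the DCF file in the clear, a recipient holding the files but not the GRO recovers nothing, and a GRO for a different group fails both the GID check and the key unwrap.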
A GRO is particularly useful for broadcasting (the same) content to multiple recipients, so that the content can be protected by the same group key and the same rights can be granted to each content recipient in the group. To consume the content, each individual recipient needs to acquire the GRO one way or the other. This may be done via a unicast connection, using the Rights Object Acquisition Protocol (ROAP) specified by OMA, for example.
The DRM systems known in the art, including OMA DRM, are inferior in that they fail to provide flexible management of content files using GROs.